Пример #1
def test_register_source() -> None:
    """A newly registered source is known to the registry and listed by Configuration."""
    source_name = "dummy2"
    # NOTE(review): this assigns _name on the class itself, so the new value
    # stays in place for any later test that uses DummyAdvisorySource.
    DummyAdvisorySource._name = source_name
    register_source(source_name, DummyAdvisorySource)

    assert is_registered_source(source_name)
    configuration = Configuration()
    assert source_name in configuration.available_sources
Пример #2
    @property
    def total_count(self) -> int:
        """Number of distinct keys currently held in ``self._advisories``."""
        store = self._advisories
        return len(store)

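    def update(self) -> None:
        """Download the advisory data from ``self._url`` into the cache file at ``self.path``.

        The response body is read completely before the cache file is opened.
        Opening with ``"wb"`` truncates the file, so reading first means a
        download that fails part-way leaves the previous cache in place
        instead of an empty or partial one.
        """
        request = urllib.request.Request(url=self._url,
                                         headers={"User-Agent": "Mozilla/5.0"})
        # NOTE(review): urlopen() is called without a timeout, so a stalled
        # server can block the update indefinitely. The payload is written
        # as received; nothing here checks its format or integrity before it
        # replaces the advisory cache.
        with urllib.request.urlopen(request) as response:
            payload = response.read()

        with open(self.path, "wb") as fh:
            fh.write(payload)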

    def has_security_advisory_for(self, package_name: str) -> bool:
        """Tell whether ``self.advisories`` has an entry for the package.

        The name is stripped of surrounding whitespace and lower-cased before
        the lookup.
        """
        normalized = package_name.strip().lower()
        return normalized in self.advisories

    def is_vulnerable_package(
            self, package_name: str,
            package_version: str) -> Tuple[bool, List[SecurityAdvisory]]:
        """Collect the advisories that affect ``package_name`` at ``package_version``.

        Returns:
            ``(found, advisories)``: the advisories whose ``is_affected()``
            accepts ``package_version``, and whether that list is non-empty.
            Packages without any advisory entry yield ``(False, [])``.
        """
        if not self.has_security_advisory_for(package_name):
            return False, []

        # Same normalisation as has_security_advisory_for() applies.
        key = package_name.strip().lower()
        matches = [
            advisory
            for advisory in self.advisories[key]
            if advisory.is_affected(package_version)
        ]
        return bool(matches), matches


# Module-level call: runs when this module is imported and passes the
# Gemnasium class to register_source() under the name "gemnasium".
register_source("gemnasium", Gemnasium)
Пример #3
        self._advisories = defaultdict(list)

        with open(self.path, "rb") as fh:
            for item in json.load(fh):
                obj = GithubSecurityAdvisory.using(item)
                self._advisories[obj.package_name].append(obj)

    @property
    def path(self) -> str:
        """Location of the advisory cache file inside ``self._cache_dir``."""
        cache_file = "github.cache"
        return os.path.join(self._cache_dir, cache_file)

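    def update(self) -> None:
        """Fetch the advisories and rewrite the cache file at ``self.path`` as JSON.

        The advisories are collected into a list before the file is opened.
        Opening with ``"w"`` truncates the file, so fetching first means an
        error raised while fetching leaves the previous cache in place
        instead of an empty or half-written one.
        """
        fetched = list(_fetch_github_security_advisories())
        with open(self.path, "w") as fh:
            json.dump(fetched, fh)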

    def has_security_advisory_for(self, package_name: str) -> bool:
        """Tell whether ``self.advisories`` has an entry for the package.

        Only surrounding whitespace is stripped; the name's case is kept as given.
        """
        stripped = package_name.strip()
        return stripped in self.advisories

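    def is_vulnerable_package(
            self, package_name: str,
            package_version: str) -> Tuple[bool, List[SecurityAdvisory]]:
        """Collect the advisories that affect ``package_name`` at ``package_version``.

        Returns:
            ``(found, advisories)``: the advisories whose ``is_affected()``
            accepts ``package_version``, and whether that list is non-empty.
            Packages without any advisory entry yield ``(False, [])``.
        """
        # Look the package up under the same stripped name that
        # has_security_advisory_for() tests. Indexing with the raw argument
        # could miss a padded name and report a vulnerable package as clean;
        # if the store is the defaultdict built when the cache is loaded, it
        # would also create an empty entry for every unknown package.
        # NOTE(review): no case folding is applied; confirm that the cached
        # keys and the caller's package names use the same casing.
        if not self.has_security_advisory_for(package_name):
            return False, []

        advisories = [
            candidate
            for candidate in self.advisories[package_name.strip()]
            if candidate.is_affected(package_version)
        ]
        return len(advisories) > 0, advisories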


# Module-level call: runs when this module is imported and passes the
# Github class to register_source() under the name "github".
register_source("github", Github)
Пример #4
def test_register_source_twice() -> None:
    """Registering the same source name a second time raises SkjoldException."""
    with pytest.raises(SkjoldException):
        # NOTE(review): all three statements sit inside pytest.raises, so the
        # test also passes if the first register_source() call raises (for
        # example because "dummy" is already registered elsewhere); in that
        # case the assert and the second call never run.
        register_source("dummy", DummyAdvisorySource)
        assert is_registered_source("dummy")
        register_source("dummy", DummyAdvisorySource)
Пример #5
    def total_count(self) -> int:
        """Report zero: this source always returns 0 as its advisory count."""
        count = 0
        return count

    def update(self) -> None:
        """Do nothing; this source has no update step."""
        return None

    def has_security_advisory_for(self, package_name: str) -> bool:
        """Always answer ``True`` so that the OSV API is queried for every package."""
        # The package name is deliberately ignored.
        always_query = True
        return always_query

    def is_vulnerable_package(
        self, package_name: str, package_version: str
    ) -> Tuple[bool, Sequence[SecurityAdvisory]]:
        """Query ``_osv_dev_api_request`` for the package and wrap each finding.

        The package name is stripped and lower-cased before it is passed on,
        together with the version as given.

        Returns:
            ``(False, [])`` when the request yields no findings, otherwise
            ``(True, advisories)`` with one ``OSVSecurityAdvisory`` per finding.
        """
        normalized_name = package_name.strip().lower()
        findings = _osv_dev_api_request(normalized_name, package_version)
        if len(findings) == 0:
            return False, []

        advisories = [OSVSecurityAdvisory.using(finding) for finding in findings]
        return True, advisories

    def get_security_advisories(self) -> MutableMapping[str, SecurityAdvisoryList]:
        """Not available for this source; calling it raises ``NotImplementedError``."""
        raise NotImplementedError()


# Module-level call: runs when this module is imported and passes the
# OSV class to register_source() under the name "osv".
register_source("osv", OSV)
Пример #6
            for advisory in advisories:
                obj = PyUpSecurityAdvisory.using(package_name, advisory)
                self._advisories[obj.package_name].append(obj)

    def update(self) -> None:
        """Download the advisory data from ``self._url`` and store it at ``self.path``.

        The response is parsed as JSON before the cache file is opened, so a
        body that is not valid JSON raises before anything is written.
        """
        # NOTE(review): urlopen() is called without a timeout, and the parsed
        # document is stored without any further schema or integrity check.
        advisory_request = urllib.request.Request(
            url=self._url,
            headers={"Accept": "application/json"},
        )
        with urllib.request.urlopen(advisory_request) as response:
            raw_body = response.read()
            document = json.loads(raw_body)

        with open(self.path, "w") as cache_file:
            json.dump(document, cache_file)

    def has_security_advisory_for(self, package_name: str) -> bool:
        """Tell whether ``self.advisories`` has an entry for the package.

        Only surrounding whitespace is stripped; the name's case is kept as given.
        """
        lookup_name = package_name.strip()
        return lookup_name in self.advisories

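    def is_vulnerable_package(
            self, package_name: str,
            package_version: str) -> Tuple[bool, List[SecurityAdvisory]]:
        """Collect the advisories that affect ``package_name`` at ``package_version``.

        Returns:
            ``(found, advisories)``: the advisories whose ``is_affected()``
            accepts ``package_version``, and whether that list is non-empty.
            Packages without any advisory entry yield ``(False, [])``.
        """
        # Look the package up under the same stripped name that
        # has_security_advisory_for() tests. Indexing with the raw argument
        # could miss a padded name and report a vulnerable package as clean.
        # NOTE(review): if self.advisories is a defaultdict, raw indexing would
        # also insert an empty entry for every unknown package; confirm.
        # No case folding is applied; confirm that the cached keys and the
        # caller's package names use the same casing.
        if not self.has_security_advisory_for(package_name):
            return False, []

        advisories = [
            candidate
            for candidate in self.advisories[package_name.strip()]
            if candidate.is_affected(package_version)
        ]
        return len(advisories) > 0, advisories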


# Module-level call: runs when this module is imported and passes the
# PyUp class to register_source() under the name "pyup".
register_source("pyup", PyUp)
Пример #7
Файл: pypa.py Проект: twu/skjold
    @property
    def total_count(self) -> int:
        """How many distinct keys ``self._advisories`` currently holds."""
        advisories_by_key = self._advisories
        return len(advisories_by_key)

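    def update(self) -> None:
        """Download the advisory data from ``self._url`` into the cache file at ``self.path``.

        The response body is read completely before the cache file is opened.
        Opening with ``"wb"`` truncates the file, so reading first means a
        download that fails part-way leaves the previous cache in place
        instead of an empty or partial one.
        """
        request = urllib.request.Request(url=self._url,
                                         headers={"User-Agent": "Mozilla/5.0"})
        # NOTE(review): urlopen() is called without a timeout, so a stalled
        # server can block the update indefinitely. The payload is written
        # as received; nothing here checks its format or integrity before it
        # replaces the advisory cache.
        with urllib.request.urlopen(request) as response:
            body = response.read()

        with open(self.path, "wb") as fh:
            fh.write(body)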

    def has_security_advisory_for(self, package_name: str) -> bool:
        """Tell whether ``self.advisories`` has an entry for the package.

        The lookup key is the name with surrounding whitespace removed and
        converted to lower case.
        """
        key = package_name.strip().lower()
        return key in self.advisories

    def is_vulnerable_package(
            self, package_name: str,
            package_version: str) -> Tuple[bool, List[SecurityAdvisory]]:
        """Collect the advisories that affect ``package_name`` at ``package_version``.

        Returns:
            ``(found, advisories)``: the advisories whose ``is_affected()``
            accepts ``package_version``, and whether that list is non-empty.
            Packages without any advisory entry yield ``(False, [])``.
        """
        if not self.has_security_advisory_for(package_name):
            return False, []

        # Same normalisation as has_security_advisory_for() applies.
        lookup_key = package_name.strip().lower()
        affecting = list(
            filter(lambda entry: entry.is_affected(package_version),
                   self.advisories[lookup_key])
        )
        return bool(affecting), affecting


# Module-level call: runs when this module is imported and passes the
# PyPAAdvisoryDB class to register_source() under the name "pypa".
register_source("pypa", PyPAAdvisoryDB)